New Resource: aws_guardduty_ipset #3161
Conversation
atsushi-ishibashi
changed the title
bflad
added
new-resource
aws/resource_aws_guardduty_ipset.go
Outdated
| return fmt.Errorf("[WARN] Error waiting for GuardDuty IpSet status to be \"%s\": %s", guardduty.IpSetStatusActive, err) | ||
| } | ||
|
|
||
| d.SetId(*resp.IpSetId) |
There was a problem hiding this comment.
Can you make the resource ID fmt.Sprintf("%s:%s", detectorID, *resp.IpSetId) so we can also add the passthrough import please?
| `, testAccGuardDutyDetectorConfig_basic1, rName, rName, rName) | ||
| } | ||
|
|
||
| func testAccGuardDutyIpsetConfig_update(rName, modName string) string { |
There was a problem hiding this comment.
Nitpick: Can you make the Config_basic able to take in all the required inputs so we don't need two configuration functions please?
aws/validators.go
Outdated
|
|
||
| func validateGuardDutyIpsetFormat(v interface{}, k string) (ws []string, errors []error) { | ||
| value := v.(string) | ||
| validType := []string{"TXT", "STIX", "OTX_CSV", "ALIEN_VAULT", "PROOF_POINT", "FIRE_EYE"} |
There was a problem hiding this comment.
Nitpick: Can you use the SDK provided constants please? e.g. guardduty.IpSetFormatAlienVault
|
|
||
| # aws_guardduty_ipset | ||
|
|
||
| Provides a resource to manage a GuardDuty detector. |
There was a problem hiding this comment.
Copypasta: Should be GuardDuty IPSet
There was a problem hiding this comment.
We might want to include the note from the GuardDuty API documentation here.
~> **Note:** Currently in GuardDuty, users from member accounts cannot upload and further manage IPSets. IPSets that are uploaded by the master account are imposed on GuardDuty functionality in its member accounts.
| if !ok { | ||
| return fmt.Errorf("Not found: %s", name) | ||
| } | ||
|
|
There was a problem hiding this comment.
Generally we try to verify the resources actually exist in AWS in these. Once the ID is updated, you can do that here. 👍
| } | ||
| return err | ||
| } | ||
|
|
There was a problem hiding this comment.
We need to d.Set("activate", *resp.Status == guardduty.IpSetStatusActive) here. We may want to consider renaming the attribute active.
bflad
added
the
waiting-response
I didn't understand how |
|
@atsushi-ishibashi |
|
@bflad Thank you! |
radeksimko
removed
the
waiting-response
|
Thanks so much @atsushi-ishibashi! This looks great and I'll be merging it momentarily. FYI I will be adding one very minor commit to this, its needed to ensure the acceptance testing works when run in parallel testing environments (like our daily repository acceptance testing) since GuardDuty only allows one detector in each account at a time (check out: https://github.com/terraform-providers/terraform-provider-aws/blob/master/aws/resource_aws_guardduty_test.go). We don't expect most folks to know or worry about this most of the time since we're very appreciative of |
|
@bflad I got it. Thank you! |
|
This has been released in terraform-provider-aws version 1.9.0. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
ghost
locked and limited conversation to collaborators
#2489